S3 DNS Compliant Bucket Names

This plugin ensures that S3 buckets have DNS compliant bucket names.

Risk Level: Low

Description

This plugin ensures that S3 buckets have DNS compliant bucket names. To be DNS adaptive the name must not contain ‘.’ (period). This enables S3 acceleration to work properly over an SSL connection.

About the Service

Amazon S3: Amazon Simple Storage Service, popularly known as Amazon S3, is a storage space available on the cloud. Using Amazon S3, you can store and retrieve any amount of data. You can manage permissions using S3 bucket policies.

Impact

S3 buckets have a global namespace. This results in creating unique names for the buckets similar to domain names. Since the Amazon S3 client utilizes the SSL/HTTPS mechanism, the bucket names cannot contain periods. This will disable the ability to upload files from S3 browser to the dashboard.

Steps to Reproduce

Using AWS Console-

  1. Log In to your AWS Console.
  2. Open the Amazon S3 Management Console. You can use this link (https://console.aws.amazon.com/s3) to navigate directly if already logged in. 
  3. A list of S3 buckets will be displayed. Verify if any of the buckets has ‘.’ (period) in their name. If yes, the vulnerability exists.
  4. Repeat step 3 for all the S3 buckets you want to investigate.

Steps for Remediation

Recreate S3 bucket with a unique name without ‘.’ (period) character.

  1. Log In to your AWS Console.
  2. Open the Amazon S3 Management Console. You can use this link (https://console.aws.amazon.com/s3) to navigate directly if already logged in. 
  3. A list of S3 buckets will be displayed. Click on Create Bucket form the top-right corner.
  4. Type in a DNS compliant name for the new bucket. To use a separator, the ‘-’ (hyphen) character can be used.
  5. Make sure the new bucket is created in the same region. Also, copy the settings from your previous vulnerable bucket to restore the configuration.
  6. Click on Create Bucket to initialize a new bucket.
  7. Now, move to the original bucket and “Move” all the objects to the newly created bucket.
  8. To delete the original bucket, click on the radio button next to the bucket’s name and click on Delete.
  9. Repeat steps for all the vulnerable S3 buckets.